- Splunk Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- Re: How to Display a custom Message instead of "No...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Everyone,
I have one requirement.
I want when there is No DATA in the dashboard currently its showing like "NO RESULTS FOUND" for all the dashboards.
I want to show some custom messages like "Contact to Team"
How can I show that.
Can someone guide me.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @aditsss,
you have to do something like the following example:
<dashboard>
<label>Your dashboard</label>
<search id="your_search">
<query>
your_search
| fields your_fields
</query>
<earliest>-24h@h</earliest>
<latest>now</latest>
<sampleRatio>1</sampleRatio>
<progress>
<condition match="'job.resultCount' == 0">
<set token="show_html">foob</set>
</condition>
<condition>
<unset token="show_html"></unset>
</condition>
</progress>
</search>
<row>
<panel>
<table rejects="$show_html$">
<title>Process</title>
<search base="your_search">
<query>
| table your_fields
</query>
</search>
<option name="count">100</option>
<option name="dataOverlayMode">none</option>
<option name="drilldown">none</option>
<option name="percentagesRow">false</option>
<option name="refresh.display">progressbar</option>
<option name="rowNumbers">false</option>
<option name="totalsRow">false</option>
<option name="wrap">true</option>
</table>
<html depends="$show_html$">
<p style="color:red;margin-left:30px;font-size:24px">No data:</p>
<br/>
<p style="color:blue;margin-left:30px;font-size:24px">in search results</p>
</html>
</panel>
</row>
</dashboard>In few words you have to:
- put your search as a base search;
- add to the main search the condition to visualize panel or html;
- add the condition to your table/chart "rejects";
- add the html with your message in the panel.
You can find an example of this application in the Splunk Dashboard Eamples App (https://splunkbase.splunk.com/app/1603/) in the dashboard "In page drilldown with perma-linking".
Ciao.
Giuseppe
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @aditsss,
you have to do something like the following example:
<dashboard>
<label>Your dashboard</label>
<search id="your_search">
<query>
your_search
| fields your_fields
</query>
<earliest>-24h@h</earliest>
<latest>now</latest>
<sampleRatio>1</sampleRatio>
<progress>
<condition match="'job.resultCount' == 0">
<set token="show_html">foob</set>
</condition>
<condition>
<unset token="show_html"></unset>
</condition>
</progress>
</search>
<row>
<panel>
<table rejects="$show_html$">
<title>Process</title>
<search base="your_search">
<query>
| table your_fields
</query>
</search>
<option name="count">100</option>
<option name="dataOverlayMode">none</option>
<option name="drilldown">none</option>
<option name="percentagesRow">false</option>
<option name="refresh.display">progressbar</option>
<option name="rowNumbers">false</option>
<option name="totalsRow">false</option>
<option name="wrap">true</option>
</table>
<html depends="$show_html$">
<p style="color:red;margin-left:30px;font-size:24px">No data:</p>
<br/>
<p style="color:blue;margin-left:30px;font-size:24px">in search results</p>
</html>
</panel>
</row>
</dashboard>In few words you have to:
- put your search as a base search;
- add to the main search the condition to visualize panel or html;
- add the condition to your table/chart "rejects";
- add the html with your message in the panel.
You can find an example of this application in the Splunk Dashboard Eamples App (https://splunkbase.splunk.com/app/1603/) in the dashboard "In page drilldown with perma-linking".
Ciao.
Giuseppe
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Below is my dashboard query.
Can you guide me how I can achieve this here.
<form theme="dark">
<label>Salesforce User Licenses Dashboard Clone39</label>
<row>
<panel>
<chart>
<title>Overall Salesforce User Licenses</title>
<search>
<query>index="abc" sourcetype="xyz" $type$ TotalLicenses!=0 | lookup Org_Alias.csv OrgFolderName OUTPUT OrgName as OrgName | search $OrgName$ |dedup OrgFolderName, LicenseName, SalesforceOrgId |chart sum(TotalLicenses) as "Total Licenses" sum(UnusedLicenses) as "Unused Licenses" sum(UsedLicenses) as "Used Licenses" by LicenseName</query>
<earliest>$field1.earliest$</earliest>
<latest>$field1.latest$</latest>
</search>
<option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
<option name="charting.axisLabelsX.majorLabelStyle.rotation">-45</option>
<option name="charting.axisTitleX.visibility">visible</option>
<option name="charting.axisTitleY.text">Count</option>
<option name="charting.axisTitleY.visibility">visible</option>
<option name="charting.axisTitleY2.visibility">visible</option>
<option name="charting.axisX.scale">linear</option>
<option name="charting.axisY.maximumNumber">999999</option>
<option name="charting.axisY.minimumNumber">0</option>
<option name="charting.axisY.scale">log</option>
<option name="charting.axisY2.enabled">0</option>
<option name="charting.axisY2.scale">inherit</option>
<option name="charting.chart">column</option>
<option name="charting.chart.bubbleMaximumSize">50</option>
<option name="charting.chart.bubbleMinimumSize">10</option>
<option name="charting.chart.bubbleSizeBy">area</option>
<option name="charting.chart.nullValueMode">gaps</option>
<option name="charting.chart.showDataLabels">all</option>
<option name="charting.chart.sliceCollapsingThreshold">0.01</option>
<option name="charting.chart.stackMode">default</option>
<option name="charting.chart.style">shiny</option>
<option name="charting.drilldown">all</option>
<option name="charting.layout.splitSeries">0</option>
<option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
<option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
<option name="charting.legend.placement">top</option>
<option name="height">400</option>
<option name="refresh.display">progressbar</option>
</chart>
</panel>
</row>
<row>
<panel>
<table>
<title>Overall Salesforce User Licenses</title>
<search>
<query>index="abc" sourcetype="xyz" $type$ | lookup Org_Alias.csv OrgFolderName OUTPUT OrgName as OrgName | search $OrgName$ |dedup OrgFolderName, LicenseName, SalesforceOrgId |stats sum(TotalLicenses) as "Total-Licenses" sum(UsedLicenses) as "Used Licenses" sum(UnusedLicenses) as "Unused Licenses" by LicenseName OrgName SalesforceOrgId | sort -Total-Licenses</query>
<earliest>$field1.earliest$</earliest>
<latest>$field1.latest$</latest>
</search>
<option name="count">30</option>
<option name="dataOverlayMode">none</option>
<option name="drilldown">row</option>
<option name="rowNumbers">false</option>
<option name="wrap">false</option>
<fields>["LicenseName","OrgName","SalesforceOrgId","Total-Licenses","Used Licenses","Unused Licenses"]</fields>
</table>
</panel>
</row>
</form>
I have 5 panels. How can I do this.
I have posted for two panels. Can you guide me how to achieve this.
Thanks in advance.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @aditsss,
I did it for the first panel, but you can follow my approach also for the others:
<search id="my_search">
<query>
index="abc" sourcetype="xyz" $type$ TotalLicenses!=0
| lookup Org_Alias.csv OrgFolderName OUTPUT OrgName as OrgName
| search $OrgName$
| fields OrgFolderName LicenseName SalesforceOrgId TotalLicenses UnusedLicensesUsedLicenses
</query>
<earliest>$field1.earliest$</earliest>
<latest>$field1.latest$</latest>
<progress>
<condition match="'job.resultCount' == 0">
<set token="show_html">foob</set>
</condition>
<condition>
<unset token="show_html"></unset>
</condition>
</progress>
</search>
<row>
<panel>
<chart rejects="$show_html$">
<title>Overall Salesforce User Licenses</title>
<search base="my_search">
<query>
| lookup Org_Alias.csv OrgFolderName OUTPUT OrgName as OrgName
| search $OrgName$
| dedup OrgFolderName, LicenseName, SalesforceOrgId |chart sum(TotalLicenses) as "Total Licenses" sum(UnusedLicenses) as "Unused Licenses" sum(UsedLicenses) as "Used Licenses" by LicenseName
</query>
<earliest>$field1.earliest$</earliest>
<latest>$field1.latest$</latest>
</search>
<option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
<option name="charting.axisLabelsX.majorLabelStyle.rotation">-45</option>
<option name="charting.axisTitleX.visibility">visible</option>
<option name="charting.axisTitleY.text">Count</option>
<option name="charting.axisTitleY.visibility">visible</option>
<option name="charting.axisTitleY2.visibility">visible</option>
<option name="charting.axisX.scale">linear</option>
<option name="charting.axisY.maximumNumber">999999</option>
<option name="charting.axisY.minimumNumber">0</option>
<option name="charting.axisY.scale">log</option>
<option name="charting.axisY2.enabled">0</option>
<option name="charting.axisY2.scale">inherit</option>
<option name="charting.chart">column</option>
<option name="charting.chart.bubbleMaximumSize">50</option>
<option name="charting.chart.bubbleMinimumSize">10</option>
<option name="charting.chart.bubbleSizeBy">area</option>
<option name="charting.chart.nullValueMode">gaps</option>
<option name="charting.chart.showDataLabels">all</option>
<option name="charting.chart.sliceCollapsingThreshold">0.01</option>
<option name="charting.chart.stackMode">default</option>
<option name="charting.chart.style">shiny</option>
<option name="charting.drilldown">all</option>
<option name="charting.layout.splitSeries">0</option>
<option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
<option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
<option name="charting.legend.placement">top</option>
<option name="height">400</option>
<option name="refresh.display">progressbar</option>
</chart>
<html depends="$show_html$">
<p style="color:red;margin-left:30px;font-size:24px">No data:</p>
<br/>
<p style="color:blue;margin-left:30px;font-size:24px">in search results</p>
</html>
</panel>
</row>Anyway, see in the Splunk Dashboard Examples App how to do this.
Ciao.
Giuseppe
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have done something like this:
<row>
<panel>
<chart rejects="$show_html$">
<title>Overall Salesforce User Licenses</title>
<search>
<query>index="abc" sourcetype="xyz" $type$ TotalLicenses!=0 | lookup Org_Alias.csv OrgFolderName OUTPUT OrgName as OrgName | search $OrgName$ |dedup OrgFolderName, LicenseName, SalesforceOrgId |chart sum(TotalLicenses) as "Total Licenses" sum(UnusedLicenses) as "Unused Licenses" sum(UsedLicenses) as "Used Licenses" by LicenseName</query>
<earliest>$field1.earliest$</earliest>
<latest>$field1.latest$</latest>
<progress>
<condition match="$job.resultCount$ == 0">
<set token="show_html">true</set>
</condition>
<condition>
<unset token="show_html"/>
</condition>
</progress>
</search>
<option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
<option name="charting.axisLabelsX.majorLabelStyle.rotation">-45</option>
<option name="charting.axisTitleX.visibility">visible</option>
<option name="charting.axisTitleY.text">Count</option>
<option name="charting.axisTitleY.visibility">visible</option>
<option name="charting.axisTitleY2.visibility">visible</option>
<option name="charting.axisX.scale">linear</option>
<option name="charting.axisY.maximumNumber">999999</option>
<option name="charting.axisY.minimumNumber">0</option>
<option name="charting.axisY.scale">log</option>
<option name="charting.axisY2.enabled">0</option>
<option name="charting.axisY2.scale">inherit</option>
<option name="charting.chart">column</option>
<option name="charting.chart.bubbleMaximumSize">50</option>
<option name="charting.chart.bubbleMinimumSize">10</option>
<option name="charting.chart.bubbleSizeBy">area</option>
<option name="charting.chart.nullValueMode">gaps</option>
<option name="charting.chart.showDataLabels">all</option>
<option name="charting.chart.sliceCollapsingThreshold">0.01</option>
<option name="charting.chart.stackMode">default</option>
<option name="charting.chart.style">shiny</option>
<option name="charting.drilldown">all</option>
<option name="charting.layout.splitSeries">0</option>
<option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
<option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
<option name="charting.legend.placement">top</option>
<option name="height">400</option>
<option name="refresh.display">progressbar</option>
</chart>
<html depends="$show_html$">
<div style="font-weight:bold;font-size:150%;text-align:center;color:red">
If you considered it as Error. Please Contact O2 Monitoring team.
</div>
</html>
</panel>
But from this its showing only at the top . But I want in each and every panel.
How can I achieve this
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @aditsss,
you have to put the search for the condition out of the panel, so if you have results you display the panel , otherwise you display the html box.
If you have more searches put all of them in the top of the dashboard creating a base search for each of them, eventually (if possible) grouping some of them.
Ciao.
Giuseppe
Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!
They're back! Join the SplunkTrust and MVP at .conf24
Enterprise Security Content Update (ESCU) | New Releases
